The AKS kubeconfig file should have permissions set to 644 or more restrictive

azure.kubernetes
이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

If kubelet is configured by a kubeconfig file, ensure that the kubeconfig file has permissions of 644 or more restrictive. The kubelet kubeconfig file contains authentication credentials used by the kubelet service in the worker node to connect to the main Kubernetes API. You should restrict its file permissions to maintain the integrity of the file. The file should only be writable by the administrators on the system.

Remediation

Run the following command to fix the kubelet configuration file’s permissions:

chmod 644 /var/lib/kubelet/kubeconfig

Note: The path above is the default location in AKS.